MEDIUM SEVERITY
CVE-2023-21492 Samsung · Mobile Devices

Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM
4.4 / 10
Vector Specification
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitation Likelihood

EPSS Prediction

Predictive Probability: 0.41%
Percentile Rank: 60.6th

EPSS rates this CVE as more likely to be exploited than 60.6% of known CVEs.

Detection Date

May 19, 2023

Remediation Due

Jun 09, 2023

CISA Catalog Active

Threat Analysis

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence